6 Updates You Need to Know about LGPD in 2022
There have been updates regarding the LGPD. Learn what is new on the Brazilian Data Protection Law here.
The new LGPD - Lei Geral de Proteção de Dados (General Personal Data Protection Law) is establishing a new milestone in the relationship and treatment of information between companies and consumers in Brazil. In practice, the LGPD regulates the use and processing of personal data by the private sector and the public authorities, in order to prevent leaks and misuse.
In 2022 there have been some adjustments to the law and events that had an impact on the personal and corporate environment. Find out below about three significant changes and three recent news items about the LGPD in 2022 so far.
1. Important LGPD updates for SMEs
On January 27, 2022, the ANPD (Autoridade Nacional de Proteção de Dados/National Data Protection Authority) published Resolution No. 2 on adequacy and compliance with the new rules of the LGPD. The main changes for these companies are:
- Simplified Model for Recording Treatment Operations (Inventory);
- Simplified procedure for reporting security incidents, with specific regulations to be published by the ANPD;
- Appointment of a DPO is not compulsory for SMEs, but they must maintain a communication channel for the exercise of clients' rights;
- Possibility of simplifying the Information Security Policy, containing only the essential items for the protection of personal data against incidents or violations;
- More time to respond to requests from data subjects and to carry out communications in the event of security incidents.
Such changes aim at a broader adoption of the LGPD principles by SMEs in Brazil. Currently, 7 out of 10 SMEs in Brazil still have not fully adopted these principles, which is why these changes by the ANPD are important.
2. Government issues MP that transforms ANPD into a special authority
A regulation (MP 1124/2022) that transforms the National Data Protection Authority (ANPD) into a special authority has been published in the Federal Official Gazette. This change aims to give more independence to the ANPD, which until then was formally subordinated to the Federal Government.
The ANPD hopes that the new status will also make its operations easier, as well as international cooperation, an area in which the Brazilian government aims for an OECD spot.
3. The LGPD is now an integral part of the fundamental rights of Brazilians
On 02/10/2022, the National Congress enacted the proposal for an Amendment to the Constitution (PEC) that includes the protection of personal data among the fundamental rights of the citizen. The text thereby becomes valid and part of the Constitution. It adds, to the article dealing with individual and collective rights, a new section that says that "the right to protection of personal data, including in digital media, is ensured, under the terms of the law". The inclusion makes the protection of personal data a solid clause, which means that any change in this area will have to be in the direction of expanding and protecting rights.
Another curious fact: users and customers do not differentiate between public and private companies when it comes to the data policy. A survey by the Capterra group sought to investigate whether people/users would feel more motivated to share data with private or public companies. The results between private and public companies had very little variation, which did not indicate that there was more confidence in one or another type of company.
4. Demand for compliance with LGPD grows 554% in the corporate environment, says survey
The survey 'Biannual Report on Data Governance' by legaltech Seusdados found a 554% increase in 2021 in demand for data protection solutions in the corporate market, a considerable leap compared to 2020.
“Not having permanent compliance with data protection among the top three priorities of your business plan for the next five years, is taking the risk of not taking an effective drug to cure a terminal illness” - Marcelo Fattori
5. Eight out of 10 Brazilian companies predict an increase in cybersecurity investment in 2022
According to the Global Digital Trust Insights Survey 2022, 83% of Brazilian companies predict growth in cybersecurity spending in 2022, a higher percentage than the global expectation, which is around 70%. In addition, 36% of companies in Brazil are looking to increase their cyber budget by between 6% and 10%, while 33% predict a rise of 15% or more. This reflects a shift in the corporate mindset in caring for data.
6. Sensitive data requires prior consent
With the implementation of the LGPD, companies, even SMEs (see the 2022 legislation update), need to comply with the rules on the use and treatment of their customers'/users' data. Sensitive data can only be processed with the explicit consent of the owner of the information.
Knowing how to categorize data types and differentiate their handling and sensitivity is crucial for compliance with the LGPD. An effective way to do this is to use cybersecurity software and solutions, which enable compliance with current legislation, prevent leaks, and explain the necessary information to the consumer.